back to article Australia wants law to ban de-anonymisation of anonymous data

Yet again, the Australian government has announced a proposal that could outlaw academic research. In the wake of the privacy concerns that surrounded Australia's 2016 Census, attorney-general George Brandis has said the government will make it illegal to de-anonymise data sets that have been de-identified. In the lead-up to …

  1. Anonymous Coward
    Anonymous Coward

    ABS crypto hash

    Dare one point out that the only purpose of the ABS crypto hash, that of enabling a linkage between disparate data sets and the census data means that they have precisely created a tool for re-identifying their anonymised data. The very act of linking those data sets will necessarily de-anonymise the resultant combined data.

    It will be interesting to see if the law only applies to the great unwashed outside government of if the usual tired "we can do whatever we want because... terrorists" excuse will once be trotted out to cover off the government itself.

    1. Graham Cobb Silver badge

      Re: ABS crypto hash

      This is the real issue.

      Making de-anonymisation illegal is an important point in protecting against many commercially-oriented threats. For example, insurance companies abusing medical data that they may have been given access to for research purposes in order to set premiums (for individuals, geographic areas, etc). A law will probably prevent commercial players from doing it (and provides a context for compensation if they do so).

      But, it does not protect, in any way, against abuse by government (for example a future government deciding to send all muslims to internment camps, or something). That is the threat which has to be shown to be completely impossible if people are to be persuaded to provide intrusive personal information. To protect people against this sort of abuse it is essential that really intrusive data like census data is aggregated immediately, and the raw data not retained at all.

      Yes, it would be nice to be able to go back to earlier data to look at it in a new way in years to come; but if allowing that possibility just means people won't tell the truth the data becomes useless not just in the future but even now!

  2. Winkypop Silver badge

    attorney-general George Brandis

    C L U E L E S S

  3. veti Silver badge

    Oz policy continues...

    Nice to see that some things survive mere changes in government...

    I see this as a natural extension of Australia's war on science. Now they've dragged in maths too.

  4. Adam 1

    FFS George, our problem with the census and it's ilk isn't just those law abiding citizens. It includes the less savoury types who are already flaunting several laws to get it in the first place. There's also the small matter of the more than 6 billion people out there who are not subject to our laws.

    Rather spend your effort instilling a culture of individual's privacy, to only collect the minimum data required to perform the specific functions and to viciously guard against mission creep by unaccountable bodies. Cut bonuses from departments that leak private data and use it to compensate the inevitable victims of those leaks

  5. Damian Skeeles

    A vote for the bill

    Ok, early days yet, but insofar as my thought processes have developed on this, I'm supportive.

    You can see why the bill is proposed - to deter insurance companies from trying to reverse engineer the data, and to be able to penalise them and shut them down if they do. It's data. It's hugely valuable for them. You HAVE to legislate against it, because if you don't, they can invest more than any university (indeed, can sponsor THEM) to deanonymise it.

    Also, deidentification is not crypto. Once someone has made a viable attack on your crypto cipher, you can phase it out for all future use. With de-identification, you can't recall all the anonymised data and anonymise it differently. It's already out there. Then you'll need to legislate against it, sharpish! Assuming no-one else has already cracked it and is happily, legally, already dropping funeral home ads into the feeds of relatives of a person who doesn't even know his chance of dying in the next 90 days is statistically probable from medical analytics.

    So, yeah, legislation against deanonymisation is reasonable. By all means provide an exception and licensing scheme for researchers to try and crack it, under NDA and strict terms. But set the default to illegal, to provide the stick where necessary.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like